Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: 0-day "vulnerability"
From: wmsecurity <wmsecurity () gmail com>
Date: Thu, 28 Oct 2010 18:17:25 +0200

The term "0-day vulnerability" usually refers to a currently unpatched security
issue in some specific product. The availability of an exploit, public or not,
is optional in this case. That's why both terms have the right to exist.

On Thu, Oct 28, 2010 at 17:18, Curt Purdy <infosysec () gmail com> wrote:
Sorry to rant, but I have seen this term used once too many times to
sit idly by. And used today by what I once thought was a respectable
infosec publication (that will remain nameless) while referring to the
current Firefox vulnerability (that did, by the way, once have a 0-day
sploit)  Also, by definition, a 0-day no longer exists the moment it
is announced ;)

For once and for all: There is no such thing as a "zero-day
vulnerability" (quoted), only a 0-day exploit...

Curt Purdy CISSP, GSNA, GSEC, MCSE+I, CCNA

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]